CPEs are case-sensitive

### Current Behavior

Currently when you're adding component with CPE like:

cpe:2.3:a:7-Zip:7-Zip:18.03:*:*:*:*:*:*:*

The DependencyTrack analyzers will not find any issues. When switching from "Z" to "z" everything works correctly:

cpe:2.3:a:7-zip:7-zip:18.03:*:*:*:*:*:*:*

### Proposed Behavior

The CPE (and PURL I suppose) should be case-insensitive, all combination should find vulnerabilities.

### Checklist

- [x] I have read and understand the [contributing guidelines](https://github.com/DependencyTrack/dependency-track/blob/master/CONTRIBUTING.md#filing-issues)
- [x] I have checked the [existing issues](https://github.com/DependencyTrack/dependency-track/issues) for whether this enhancement was already requested

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

CPEs are case-sensitive #4663

Current Behavior

Proposed Behavior

Checklist

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CPEs are case-sensitive #4663

Description

Current Behavior

Proposed Behavior

Checklist

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions